Availability of ModSecurity 2.6.1-RC1 Release (June 30, 2011)
The ModSecurity Development Team is pleased to announce the availability of the ModSecurity 2.6.1-rc1 release. This release includes some new features and bug fixes; please see the release notes included in the CHANGES file....

The ModSecurity Project Team is happy to announce our first community hacking challenge! This is a SQL Injection and Filter Evasion Challenge. We have set up ModSecurity to proxy to the following 4 commercial vuln scanner demo sites: IBM (AppScan) -...

Application Defense Response Actions
What is the best way to respond to suspicious transactions within your web application? The answer is that it depends on the circumstances, and it is certainly not a "One Size Fits All" approach. The reality...

Spot the Vuln -> Patch the Vuln
This blog post series is designed to be a companion to the Spotthevuln.com website (thanks to Billy Rios - @XSSniper). Spotthevuln.com was designed to give developers more insight into designing code with...

Unicode + Best-Fit Mapping = Evasions
Impedance mismatches between a security inspection system (IDS, IPS or WAF) and the target web application are a major concern with regard to security inspection. The process of data normalization or canonicalization and how...

I am excited to announce that SpiderLabs will be hosting a ModSecurity Happy Hour during the Blackhat USA 2011 conference in Las Vegas. This is a relaxed, social setting where you can meet not just the ModSecurity Project Team but also...